tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Egolf <ceg...@ugholf.net>
Subject Re: How does Tomcat manage Form-based authentication?
Date Fri, 02 Apr 2004 21:35:33 GMT


Malcolm Warren wrote:
> I've tried including the session id, but it creates a new one.
> 
> It's calling a url in another application in the same engine. Can't 
> session info be shared across applications?

No.  Session information cannot be shared between contexts (webapps).
> I've allowed single sign-on in server.xml.
> 
I think single sign-on allows you to share container-based authentication 
between webapps.   In other words, if you've authenticated successfully against 
one webapp, and you've got single sign-on enabled, you're authenticated against 
other webapps within the same container.

> I don't want to merge them into one application, because I may put one 
> of them in another virtual machine.
> 

Maybe you can persist session info that needs to be shared to a backend 
database.  AFAIK, sessions can't cross contexts per the servlet spec.
> 
> 
> On Fri, 2 Apr 2004 10:31:59 +0200, Ralph Einfeldt 
> <ralph.einfeldt@uptime-isc.de> wrote:
> 
>> That information is stored in the session.
>>
>> So your programm has to include the session id
>> that was created by tomcat in the requests (either
>> as cookie or as query parameter)
>>
>>> -----Original Message-----
>>> From: Malcolm Warren [mailto:malcolm@villeinitalia.com]
>>> Sent: Friday, April 02, 2004 10:12 AM
>>> To: Tomcat Users List
>>> Subject: Re: How does Tomcat manage Form-based authentication?
>>>
>>> I'm using an old nuts and bolts programme that actually
>>> programmatically sent the "Authorization" header string
>>> for BASIC  authorization, and I'd  like to continue using
>>> this programme, but I have to tell the new FORM
>>> version that I've already signed in, and I don't know how.
>>>
>>>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

-- 
============================================================================
                                Chris Egolf
              http://www.ugholf.net     cegolf@ugholf.net
============================================================================


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message